Spam Leads to Blackhole Attack

Sunday, October 28, 2012 @ 01:10 PM gHale

A spam campaign is the starting point for a Blackhole-Cridex malware attack.

It all starts with an email entitled “Re:Fwd: Order 321312” which reads: “Welcome, You can download your Microsoft Windows License here. Microsoft Corporation,” said researchers at security company GFI Labs.

Microsoft has nothing to do with the emails and the emails have nothing to do with Windows licenses.

Instead, when users click on the link, they go to a website hosted on a Russian domain, which contains obfuscated JavaScript designed to load another web page, the researchers said.

While the victim is viewing a message that reads “Please wait a moment. You will be forwarded,” the Blackhole exploit kit is working in the background, trying to find a security hole through which to push malware onto the victim’s computer.